7

Does anyone know which of the big players (if any) support LDAP/AD users and groups for authentication AND database permissions? Specifically, I'm wondering if SVN, GIT, Mercurial etc. will allow users to login/connect based on AD permissions and also allow granular permissions to be applied to folders within the VC database based on groups within AD. So far my research has not shown this to be possible....

Jason Irwin
  • 173
  • 1
  • 4
  • 1
    I understand your point but disagree. I believe this to be as fundamental to development work as Visual Studio. To me it is closer to "software for devs" than infrastructure... – Jason Irwin Oct 17 '09 at 21:06
  • 1
    Yeah, but normally it is a Sysadmin who has to install and maintain the VCS, not a software developer. You'll have a much better audience here. – Aaron Brown Oct 18 '09 at 15:35

9 Answers9

6

VisualSVN Server allows you to manage svn repository permissions using AD users and groups. And the standard edition is free and meets most organization's needs.

Jamie Ide
  • 178
  • 1
  • 4
2

Not to be flippant, but really, just about all of them do. Since PAM on Linux supports LDAP, standard unix accounts (and therefore, standard files) support LDAP, almost all Linux-compatible version control systems should work fine. Likewise, Windows supports LDAP through Active Directory (AD is basically LDAP with kerberos and some deployment tools, as I understand it), and so any version control that works with standard windows accounts should support it too. I'm pretty sure this all applies to OS X as well.

Lee B
  • 3,380
  • 1
  • 17
  • 15
2

Git certainly does - you need to set up PAM to use pam_winbind.so and pam_mkhomedir.so. Create a group (either locally or in AD, depending on how you want to do it) and create your git repositories on the origin server with the --shared flag. This will tell git that you are sharing the repository amongst multiple users, and it will set up permissions appropriately.

Aaron Brown
  • 1,677
  • 1
  • 12
  • 21
1

We do authentication against AD using Apache. You should be able to get groups working too with that.

Amala
  • 529
  • 2
  • 14
  • That sounds reasonable - its easy to set up Apache to do LDAP authentication against AD. After that when you setup DAV access to Subversion you can rely on the Apache authentication to authorize using AD user names. – Guss Nov 17 '10 at 09:05
1

We are using Centrify to enabling various VCS (ClearCase, Svn, Git) to talk to our AD.
Not free I am afraid, but quite suited for managing user identities in a cross-platform environment since our VCS servers are Unix, while our clients are on Windows: see UNIX & Linux Identity Management

VonC
  • 2,653
  • 5
  • 29
  • 48
  • 1
    Centrify has an "Express" version that is free for use. You can also try Likewise Open for the same functionality, but its a bit hard to setup properly. – Guss Nov 17 '10 at 09:04
  • @Guss: excellent. I didn't see that Express version however, since Centrify is entirely managed by our Unix admin team (I don't install it directly) – VonC Nov 17 '10 at 09:17
0

Regarding Subversion, there is a tool called svnperms, which can use LDAP to fetch group information (the ACLs are still in the configuration file, but it should be easy to adapt it).

0

I use Subversion Administrator it is a simple open source web app that allows for integration with active directory/ldap as well as managing post commit hook subscriptions

pfranza
  • 111
  • 3
0

Perforce can do AD auth, however group management is not integrated with the directory.

fsckin
  • 555
  • 4
  • 9
0

SourceGear Vault and Fortress supports authenticating the user via Active Directory.

Vault's Active Directory integration doesn't automatically pickup your current credentials. You enter your user/pwd, and it queries A.D. to authenticate those credentials that you enter. This is a server-side configuration item, obviously, and the server must be configured to use A.D. identity impersonation.

Unfortunately the user list is still maintained within Vault itself. CRUDing users is still up to the version control admin.

alt text

Glorfindel
  • 1,213
  • 3
  • 15
  • 22
p.campbell
  • 4,397
  • 6
  • 40
  • 51